Well, I thought I'd test. Just as well.
No changes to my confs. Just updated libreswan and tried to reconnect:
First failure:
No acceptable ECDSA/RSA-PSS ASN.1 signature hash proposal included for rsasig in I2 Auth Payload
responding to IKE_AUTH message (ID 1) from 1.2.3.4:4500 with encrypted notification AUTHENTICATION_FAILED
encountered fatal error in state STATE_PARENT_R1
Tried all the encryption combinations I can find on my Endian box and
none work.
Then I tried my ipsec l2tpd transport and that failed as well:
responding to Main Mode from unknown peer 213.4.186.104:46309
OAKLEY_GROUP 2 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
OAKLEY_DES_CBC(UNUSED) is not supported. Attribute OAKLEY_ENCRYPTION_ALGORITHM
There is one drawback in increasing security levels. If people can't
make it work, they'll just stick to the older insecure versions.
And that helps no one really.
So the question is how can I make my existing stuff work, or do I just
have to revert to 3.29?
B. Rgds
John